Clubhouse Leaks 3.8 Billion Phone Numbers

Clubhouse app (source: futurezone.at)

Clubhouse. That was the app that was so incredibly hyped half a year or a year ago. You couldn't get in; it was invite-only. You couldn't get in on your own, and the only cool people were the ones already inside. Everyone in my bubble had FOMO, fear of missing out.

Facebook, and Google with its mail product, already played on this human effect very successfully 15 years ago. The result was that EVERYONE desperately wanted an invitation and, on receiving one, very willingly handed over their address books.

For the experience.

In the meantime you can give spoken addresses on Twitter as well, and nobody cares about Clubhouse anymore.

Nevertheless, the app has now lost 3.8 billion phone numbers. And by the looks of it, yours is among them if you know someone who thought the app was great back then.

via futurezone.at

Fastly Global CDN Disruption

Fastly is one of the major CDN vendors globally. As a regular consumer you wouldn’t be aware of their service until a failure hits. Today the service faced a configuration issue that apparently hit global pages like NYTimes and Bloomberg, but also Amazon, Reddit and Twitter, as reported by multiple sources. The vendor reports the issue as resolved as of this writing. Details on their status page:

Fastly’s Status Page – Global CDN Disruption.

Source: Fastly Status – Global CDN Disruption

For the VMware users here.

VMware’s vCenter Server is affected by a remote code execution (RCE) vulnerability. That means an attacker would be able to execute code on any machine running that software that is reachable from the internet. Executing arbitrary code would also allow malware to replicate itself, i.e. to behave as a worm. The vulnerability is tracked as CVE-2021-21985.

Code execution flaw in vCenter is exploited to install web shell on unpatched machines.

From the article

Source: This is not a drill: VMware vuln with 9.8 severity rating is under attack | Ars Technica

Is anyone here using Azure?

Are you using Azure? A newly published Hyper-V bug could possibly crash ‘big portions of Azure cloud infrastructure’.

Security researchers have posted proof of concept code that exploits a recently patched vulnerability in Microsoft’s Hyper-V hypervisor. The bug enables code in the guest to crash the host, and in some circumstances compromise the host’s security.

The Register

Source: Hyper-V bug that could crash ‘big portions of Azure cloud infrastructure’: Code published

Privacy on the Net

Screenshot from the ad

As advertised by Apple: the company introduced a feature called “App Tracking Transparency” that defaults to “do not allow tracking” as of version 14.5, which was released earlier this year. The feature allows device owners to control which apps can track user behaviour across multiple websites.

Apple App Tracking Transparency Ad

Reality is more complex, as always, but it’s still a great ad.

Snyk Acquires FossID

FossID is a software composition analysis tool that scans code for open source licenses and vulnerabilities. It is the third acquisition by Snyk in the past 6 months.


Source: Snyk Acquires FossID to Accelerate Worldwide Developer-First Security Adoption | Snyk

The Instagram ads Facebook won’t show you

Signal, the company offering secure and private messaging, tried to advertise on Facebook. Naturally, the company tried to promote the value it places on privacy. They chose to point out the implications Facebook’s business model has for these values.

Apparently Facebook didn’t like the ads.

Signal App Ad.

Source: Signal >> Blog >> The Instagram ads Facebook won’t show you

Der Mann in Merkels Rechner (The Man in Merkel’s Computer)

Hakan Tanriverdi, data journalist and reporter for cyber and IT security at Bayerischer Rundfunk, has made a podcast about cyber espionage together with Florian Flade. The two show how much espionage at this level has become a matter of course for governments.

You can subscribe via Apple Podcasts right here.